class SkinnyMessageSetLamp(Packet):
name = 'Lamp message (light of the phone)'
fields_desc = [
LEIntEnumField("stimulus", 0x5, skinny_stimulus),
LEIntField("instance", 1),
LEIntEnumField("mode", 2, skinny_lamp_mode)
]
class SkinnyMessageCloseReceiveChannel(Packet):
name = 'close receive channel'
fields_desc = [LEIntField('conference', 0),
LEIntField('passthru', 0),
IPField('remote', '0.0.0.0'),
LEIntField('port', RandShort()),
SkinnyRateField('rate', 20),
LEIntEnumField('codec', 4, _skinny_codecs),
LEIntField('precedence', 200),
LEIntEnumField('silence', 0, _skinny_silence),
LEIntField('callid', 0)]
class SkinnyMessageOpenReceiveChannel(Packet):
name = 'open receive channel'
fields_desc = [LEIntField('conference', 0),
LEIntField('passthru', 0),
SkinnyRateField('rate', 20),
LEIntEnumField('codec', 4, _skinny_codecs),
LEIntEnumField('echo', 0, _skinny_echo),
LEIntField('unknown1', 0),
LEIntField('callid', 0)]
def guess_payload_class(self, p):
return conf.padding_layer
class Skinny(Packet):
name = "Skinny"
fields_desc = [
LEIntField("len", 0),
LEIntField("res", 0),
LEIntEnumField("msg", 0, skinny_messages)
]
class NEGOEX_MESSAGE_HEADER(Packet):
fields_desc = [
StrFixedLenField("Signature", "NEGOEXTS", length=8),
LEIntEnumField(
"MessageType", 0, {
0x0: "INITIATOR_NEGO",
0x01: "ACCEPTOR_NEGO",
0x02: "INITIATOR_META_DATA",
0x03: "ACCEPTOR_META_DATA",
0x04: "CHALENGE",
0x05: "AP_REQUEST",
0x06: "VERIFY",
0x07: "ALERT"
}),
LEIntField("SequenceNum", 0),
LEIntField("cbHeaderLength", None),
LEIntField("cbMessageLength", None),
UUIDField("ConversationId", None),
]
def post_build(self, pkt, pay):
if self.cbHeaderLength is None:
pkt = pkt[16:] + struct.pack("<I", len(pkt)) + pkt[20:]
if self.cbMessageLength is None:
pkt = pkt[20:] + struct.pack("<I", len(pkt) + len(pay)) + pkt[24:]
return pkt + pay
class USBpcapTransferIsochronous(Packet):
name = "USBpcap Transfer Isochronous"
fields_desc = [
LEIntField("offset", 0),
LEIntField("length", 0),
LEIntEnumField("usbd_status", 0x0, _usbd_status_codes)
]
class SkinnyMessageStartMediaTransmission(Packet):
name = 'start multimedia transmission'
fields_desc = [LEIntField('conference', 0),
LEIntField('passthru', 0),
IPField('remote', '0.0.0.0'),
LEIntField('port', RandShort()),
SkinnyRateField('rate', 20),
LEIntEnumField('codec', 4, _skinny_codecs),
LEIntField('precedence', 200),
LEIntEnumField('silence', 0, _skinny_silence),
SkinnyFramePerPacketField('maxframes', 0),
LEIntField('unknown1', 0),
LEIntField('callid', 0)]
def guess_payload_class(self, p):
return conf.padding_layer
class SkinnyMessageOpenReceiveChannelAck(Packet):
name = 'open receive channel'
fields_desc = [LEIntEnumField('status', 0, _skinny_receive_channel_status),
IPField('remote', '0.0.0.0'),
LEIntField('port', RandShort()),
LEIntField('passthru', 0),
LEIntField('callid', 0)]
class USBpcap(Packet):
name = "USBpcap URB"
fields_desc = [ByteField("headerLen", None),
ByteField("res", 0),
XLELongField("irpId", 0),
LEIntEnumField("usbd_status", 0x0, _usbd_status_codes),
LEShortEnumField("function", 0, _urb_functions),
XByteField("info", 0),
LEShortField("bus", 0),
LEShortField("device", 0),
XByteField("endpoint", 0),
ByteEnumField("transfer", 0, _transfer_types),
LenField("dataLength", None, fmt="<I")]
def post_build(self, p, pay):
if self.headerLen is None:
headerLen = len(p)
if isinstance(self.payload, (USBpcapTransferIsochronous,
USBpcapTransferInterrupt,
USBpcapTransferControl)):
headerLen += len(self.payload) - len(self.payload.payload)
p = chb(headerLen) + p[1:]
return p + pay
def guess_payload_class(self, payload):
if self.headerLen == 27:
# No Transfer layer
return super(USBpcap, self).guess_payload_class(payload)
if self.transfer == 0:
return USBpcapTransferIsochronous
elif self.transfer == 1:
return USBpcapTransferInterrupt
elif self.transfer == 2:
return USBpcapTransferControl
return super(USBpcap, self).guess_payload_class(payload)
class SkinnyMessageCallState(Packet):
name = 'Skinny Call state message'
fields_desc = [LEIntEnumField("state", 1, skinny_callstates),
LEIntField("instance", 1),
LEIntField("callid", 0),
LEIntField("unknown1", 4),
LEIntField("unknown2", 0),
LEIntField("unknown3", 0)]
class SkinnyMessageSetRinger(Packet):
name = 'Ring message'
fields_desc = [
LEIntEnumField("ring", 0x1, skinny_ring_type),
LEIntField("unknown1", 0),
LEIntField("unknown2", 0),
LEIntField("unknown3", 0)
]
class SkinnyMessageStartTone(Packet):
name = 'Start tone'
fields_desc = [
LEIntEnumField("tone", 0x21, _skinny_tones),
LEIntField("unknown1", 0),
LEIntField("instance", 1),
LEIntField("callid", 0)
]
class STDOBJREF(Packet):
name = 'stdObjRef'
fields_desc = [
LEIntEnumField('flags', 1, {0: 'PINGING', 8: 'SORF_NOPING'}),
LEIntField('cPublicRefs', 0),
LELongField('OXID', 0),
LELongField('OID', 0),
PacketField('IPID', None, UUIDField),
]
class Skinny(Packet):
name = "Skinny"
fields_desc = [LEIntField("len", None),
LEIntField("res", 0),
LEIntEnumField("msg", 0, skinny_messages_cls)]
def post_build(self, pkt, p):
if self.len is None:
# on compte pas les headers len et reserved
tmp_len = len(p) + len(pkt) - 8
pkt = struct.pack('@I', tmp_len) + pkt[4:]
return pkt + p
class NEFICSMSG(Packet):
name = 'NEFICS simulation message'
fields_desc = [
LEIntField('SenderID', 0),
LEIntField('ReceiverID', 0),
LEIntEnumField('MessageID', 0xFFFFFFFF, MESSAGE_ID_MAP),
LEIntField('IntegerArg0', 0),
LEIntField('IntegerArg1', 0),
LEFloatField('FloatArg0', 0.0),
LEFloatField('FloatArg1', 0.0)
]
class IRemoteSCMActivator_RemoteCreateInstanceLE(Packet):
name = 'RemoteCreateInstance'
fields_desc = [
LEShortField('versionMajor', 0),
LEShortField('versionMinor', 0),
LEIntEnumField('flag', 1, _objref_flag),
LEIntField('reserved', 0),
]
def guess_payload_class(self, payload):
try:
return _objref_pdu[self.flag][1]
except Exception:
pass
class ENIPTCP(Packet):
"""Ethernet/IP packet over TCP"""
name = "ENIPTCP"
fields_desc = [
LEShortEnumField("commandId", None, _commandIdList),
LEShortField("length", 0),
XLEIntField("session", 0),
LEIntEnumField("status", None, _statusList),
LELongField("senderContext", 0),
LEIntField("options", 0),
MultipleTypeField(
[
# List Services Reply
(PacketField("commandSpecificData", ENIPListServicesReply,
ENIPListServicesReply),
lambda pkt: pkt.commandId == 0x4),
# List Identity Reply
(PacketField("commandSpecificData", ENIPListIdentityReply,
ENIPListIdentityReply),
lambda pkt: pkt.commandId == 0x63),
# List Interfaces Reply
(PacketField("commandSpecificData", ENIPListInterfacesReply,
ENIPListInterfacesReply),
lambda pkt: pkt.commandId == 0x64),
# Register Session
(PacketField("commandSpecificData", ENIPRegisterSession,
ENIPRegisterSession),
lambda pkt: pkt.commandId == 0x65),
# Send RR Data
(PacketField("commandSpecificData", ENIPSendRRData,
ENIPSendRRData),
lambda pkt: pkt.commandId == 0x6f),
# Send Unit Data
(PacketField("commandSpecificData", ENIPSendUnitData,
ENIPSendUnitData),
lambda pkt: pkt.commandId == 0x70),
],
PacketField(
"commandSpecificData",
None,
CommandSpecificData) # By default
),
]
def post_build(self, pkt, pay):
if self.length is None and pay:
pkt = pkt[:2] + struct.pack("<H", len(pay)) + pkt[4:]
return pkt + pay
class OpcDaRejectLE(Packet):
name = "OpcDaReject"
fields_desc = [
LEIntField('allocHint', 0),
LEShortField('contextId', 0),
ByteField('cancelCount', 0),
ByteField('reserved', 0),
LEIntEnumField('Group', 0, _rejectStatus),
StrLenField('subData',
None,
length_from=lambda pkt: pkt.allocHint - 32),
PacketField('authentication', None, AuthentificationProtocol),
]
def extract_padding(self, p):
return b"", p
class NTLM_Header(Packet):
name = "NTLM Header"
fields_desc = [
StrFixedLenField('Signature', b'NTLMSSP\0', length=8),
LEIntEnumField('MessageType', 3, {1: 'NEGOTIATE_MESSAGE',
2: 'CHALLENGE_MESSAGE',
3: 'AUTHENTICATE_MESSAGE'}),
]
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 10:
MessageType = struct.unpack("<H", _pkt[8:10])[0]
if MessageType == 1:
return NTLM_NEGOTIATE
elif MessageType == 2:
return NTLM_CHALLENGE
elif MessageType == 3:
return NTLM_AUTHENTICATE_V2
return cls
class AV_PAIR(Packet):
name = "NTLM AV Pair"
fields_desc = [
LEShortEnumField(
'AvId', 0, {
0x0000: "MsvAvEOL",
0x0001: "MsvAvNbComputerName",
0x0002: "MsvAvNbDomainName",
0x0003: "MsvAvDnsComputerName",
0x0004: "MsvAvDnsDomainName",
0x0005: "MsvAvDnsTreeName",
0x0006: "MsvAvFlags",
0x0007: "MsvAvTimestamp",
0x0008: "MsvAvSingleHost",
0x0009: "MsvAvTargetName",
0x000A: "MsvAvChannelBindings",
}),
FieldLenField('AvLen', None, length_of="Value", fmt="<H"),
MultipleTypeField([
(LEIntEnumField(
'Value', 1, {
0x0001: "constrained",
0x0002: "MIC integrity",
0x0004: "SPN from untrusted source"
}), lambda pkt: pkt.AvId == 0x0006),
(UTCTimeField("Value",
None,
epoch=[1601, 1, 1, 0, 0, 0],
custom_scaling=1e7,
fmt="<Q"), lambda pkt: pkt.AvId == 0x0007),
(PacketField('Value', Single_Host_Data(),
Single_Host_Data), lambda pkt: pkt.AvId == 0x0008),
(XStrLenField('Value', b"", length_from=lambda pkt: pkt.AvLen),
lambda pkt: pkt.AvId == 0x000A),
], StrLenFieldUtf16('Value', b"", length_from=lambda pkt: pkt.AvLen))
]
def default_payload_class(self, payload):
return conf.padding_layer
class SkinnyMessageSpeakerMode(Packet):
name = 'Speaker mdoe'
fields_desc = [LEIntEnumField("ring", 0x1, skinny_speaker_modes)]
class NTLMSSPLE(Packet):
name = 'NTLM Secure Service Provider'
fields_desc = [
StrFixedLenField('identifier', 'NTLMSSP', length=8),
LEIntEnumField('messageType', 3, {3: 'NTLMSSP_AUTH'}),
LEShortField('lanManagerLen', 0),
LEShortField('lanManagerMax', 0),
LEIntField('lanManagerOffset', 0),
LEShortField('NTLMRepLen', 0),
LEShortField('NTLMRepMax', 0),
LEIntField('NTLMRepOffset', 0),
LEShortField('domainNameLen', 0),
LEShortField('domainNameMax', 0),
LEIntField('domainNameOffset', 0),
LEShortField('userNameLen', 0),
LEShortField('userNameMax', 0),
LEIntField('userNameOffset', 0),
LEShortField('hostNameLen', 0),
LEShortField('hostNameMax', 0),
LEIntField('hostNameOffset', 0),
LEShortField('sessionKeyLen', 0),
LEShortField('sessionKeyMax', 0),
LEIntField('sessionKeyOffset', 0),
FlagsField('negociateFlags', 0, 32, _negociate_flags),
ByteField('versionMajor', 0),
ByteField('versionMinor', 0),
LEShortField('buildNumber', 0),
ByteField('reserved', 0),
ShortField('reserved2', 0),
ByteField('NTLMCurrentRevision', 0),
StrFixedLenField('MIC', '', 16),
StrLenField('domainName',
'',
length_from=lambda pkt: pkt.domainNameLen),
StrLenField('userName', '', length_from=lambda pkt: pkt.userNameLen),
StrLenField('hostName', '', length_from=lambda pkt: pkt.hostNameLen),
StrLenField('lanManager',
'',
length_from=lambda pkt: pkt.lanManagerLen),
StrFixedLenField('NTLMRep', '', length=16),
ByteField('responseVersion', 0),
ByteField('hiResponseVersion', 0),
StrFixedLenField('Z', '', 6),
LELongField('timestamp', 0), # Time in nanosecond
StrFixedLenField('clientChallenge', '', 8),
LEIntField('Z', 0),
PacketField('attribute1', None, AttributeNameLE),
PacketField('attribute2', None, AttributeNameLE),
PacketField('attribute3', None, AttributeNameLE),
PacketField('attribute4', None, AttributeNameLE),
PacketField('attribute5', None, AttributeNameLE),
PacketField('attribute6', None, AttributeNameLE),
PacketField('attribute7', None, AttributeNameLE),
PacketField('attribute8', None, AttributeNameLE),
PacketField('attribute9', None, AttributeNameLE),
PacketField('attribute10', None, AttributeNameLE),
LEIntField('Z', 0),
LEIntField('padding', 0),
StrLenField('sessionKey',
'',
length_from=lambda pkt: pkt.sessionKeyLen),
]
def extract_padding(self, p):
return b"", p